Exchange Server

Export Calendar permissions for specific OU

Godwin DanielLeave a comment

The below has been tested on exchange 2010 to export calendar permissions for mailboxes in a specific OU.

# Get the mailboxes
$Mailboxes = get-mailbox -OrganizationalUnit “OU=Users,DC=Contoso,DC=local” -Filter {RecipientTypeDetails -eq “usermailbox”} -ResultSize Unlimited

# An array for the output
$Output = @()

# Loop through the mailboxes
ForEach ($Mailbox in $Mailboxes) {
# Get the name of the calendar folder
$Calendar = (($Mailbox.PrimarySmtpAddress.ToString())+ “:\” + (Get-MailboxFolderStatistics -Identity $Mailbox.DistinguishedName -FolderScope Calendar | Select-Object -First 1).Name)

# Get the permissions on the folder
$Permissions = Get-MailboxFolderPermission -Identity $Calendar

# Loop through the permissions, populating the output array
ForEach ($Permission in $Permissions) {
$Permission | Add-Member -MemberType NoteProperty -Name “Mailbox” -value $Mailbox.DisplayName
$Output = $Output + $Permission
}
}

# Write the output to a CSV file
$Output | Select-Object Mailbox, User, {$_.AccessRights}, IsValid | Export-Csv -Path C:\temp\Calendarpermissions.csv -NoTypeInformation

Filtering to the specific OU is very useful if you are managing multi-tenant exchange environment. Modify the above script as per your needs and save as .ps1 to run on powershell.

Exchange 2013 Emails stuck in Drafts

Godwin Daniel8 Comments

No outgoing Emails in Exchange 2013 fresh install , sent emails get stuck in Drafts folder in OWA,

Scenario: The problematic environment was a fresh install of exchange 2013, no migration and new mailboxes were created, but when emails were sent they got stuck in the drafts folder, OWA or outlook both failed sending emails. This is a 2012 environment, main DC and a member 2012 server, both being virtual and the server hosting exchange was a clone server.

Diagnosis: After enabling verbose logging on the default receive connector, the following error messages were seen in the SMTP recieve located here: C:\Program Files\MicrosoftExchange Server\V15\TransportRoles\Logs\Hub\ProtocolLogSmtpReceive\

X.X.X.X:2525,X.X.X.X:53103,>,421 4.3.2 Service not available,

Enabled kerberos logging  using :http://support.microsoft.com/default.aspx?scid=kb;EN-US;262177

after this checked the eventlogs showed a huge number of Kerberos related errors under System:

A Kerberos error message was received:
on logon session DOMAIN.LOCALExchangeservername$
Client Time:
Server Time: 0:35:49.0000 3/19/2014 Z
Error Code: 0x6 KDC_ERR_C_PRINCIPAL_UNKNOWN

Checked to make sure all services are running and checking SPN are set correctly using the setspn commands:

setspn -L hostname
setspn -r AccountName

more details here: http://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spns-setspn-syntax-setspn-exe.aspx

Also checked to make sure correct DNS settings were used in the Exchange server under EAC=>Servers=>edit=>DNS lookups.

In my case both internal and external lookups were set to ” all network adapters ipv4″

Solution: Eventually it turned out to be the Security Policy setting wasnt enabled for Access this computer from the network Policy in Group Policy

The default domain policy was applied to the OU where the Exchange 2013 server was, hence updated default domain policy: so open Group Policy Editor and go to

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\

Put a tick on Define these policy settings and add the default groups as per : http://technet.microsoft.com/en-us/library/cc740196(v=ws.10).aspx

  • Administrators
  • Backup Operators
  • Users 
  • Everyone

Please note this is a 2012 server and for some reason there are no power users as per the article.

Did a gpupdate /force on DC and exchange and reboot exchange services and voila all stuck emails were going out one at a time.

At this point in time the kerberos errors are still being generated, I still need to fix this…more soon.